add hybrid flow response type validation

wso2 · Jun 2, 2024 · 4d311a1 · 4d311a1
1 parent b16857c
commit 4d311a1
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/...bon/identity/api/server/application/management/common/ApplicationManagementConstants.java b/...bon/identity/api/server/application/management/common/ApplicationManagementConstants.java
@@ -77,7 +77,9 @@ private ApplicationManagementConstants() {
     public static final String NON_EXISTING_USER_CODE = "30007 - ";
     public static final String APPLICATION_BASED_OUTBOUND_PROVISIONING_ENABLED =
             "OutboundProvisioning.enableApplicationBasedOutboundProvisioning";
-
+    public static final String CODE_TOKEN = "code token";
+    public static final String CODE_IDTOKEN = "code id_token";
+    public static final String CODE_IDTOKEN_TOKEN = "code id_token token";
 
     /**
      * Enums for error messages.
@@ -152,6 +154,13 @@ public enum ErrorMessage {
         UNSUPPORTED_OUTBOUND_PROVISIONING_CONFIGURATION("60514",
                 "Outbound provisioning configuration not supported.",
                 "Application-based outbound provisioning support is disabled."),
+        Hybrid_FLOW_RESPONSE_TYPE_NOT_FOUND("60515",
+                "Hybrid flow response type not found.",
+                "Hybrid flow response type cannot be found for the application"),
+        Hybrid_FLOW_RESPONSE_TYPE_INCORRECT("60516",
+                "Hybrid flow response type is incorrect.",
+                "The response type for the hybrid flow should be either 'code token' or 'code id_token' or " +
+                        "'code id_token token'"),
 
         // Server Errors.
         ERROR_RETRIEVING_SAML_METADATA("65001",

diff --git a/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
@@ -16,7 +16,9 @@
 package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2;
 
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants;
 import org.wso2.carbon.identity.api.server.application.management.v1.AccessTokenConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.HybridFlowConfiguration;
@@ -29,12 +31,16 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
+import org.wso2.carbon.identity.api.server.common.error.APIError;
+import org.wso2.carbon.identity.api.server.common.error.ErrorResponse;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
 
 import java.util.List;
 import java.util.Optional;
 
+import javax.ws.rs.core.Response;
+
 import static org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils.setIfNotNull;
 
 /**
@@ -174,8 +180,40 @@ private void updateHybridFlowConfigurations(OAuthConsumerAppDTO consumerAppDTO,
                                                 HybridFlowConfiguration hybridFlow) {
 
         if (hybridFlow != null) {
+
             consumerAppDTO.setHybridFlowEnabled(hybridFlow.getEnable());
-            consumerAppDTO.setHybridFlowResponseType(hybridFlow.getResponseType());
+            if (hybridFlow.getEnable()) {
+                validateHybridFlowResponseType(consumerAppDTO, hybridFlow);
+                consumerAppDTO.setHybridFlowResponseType(hybridFlow.getResponseType());
+            }
+        }
+    }
+
+    private void validateHybridFlowResponseType(OAuthConsumerAppDTO consumerAppDTO,
+                                                HybridFlowConfiguration hybridFlowResponseType) {
+
+        String[] allowedResponseTypes = {ApplicationManagementConstants.CODE_TOKEN,
+                                         ApplicationManagementConstants.CODE_IDTOKEN,
+                                         ApplicationManagementConstants.CODE_IDTOKEN_TOKEN};
+
+        if (StringUtils.isBlank(hybridFlowResponseType.getResponseType())) {
+            throw new APIError(Response.Status.BAD_REQUEST,
+                    new ErrorResponse.Builder().withCode(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_NOT_FOUND.getCode())
+                            .withMessage(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_NOT_FOUND.getMessage())
+                            .withDescription(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_NOT_FOUND.getDescription()).build());
+        }
+
+        if (!ArrayUtils.contains(allowedResponseTypes, hybridFlowResponseType.getResponseType())) {
+            throw new APIError(Response.Status.BAD_REQUEST,
+                    new ErrorResponse.Builder().withCode(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_INCORRECT.getCode())
+                            .withMessage(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_INCORRECT.getMessage())
+                            .withDescription(ApplicationManagementConstants.ErrorMessage
+                                    .Hybrid_FLOW_RESPONSE_TYPE_INCORRECT.getDescription()).build());
         }
     }